Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/YzbIcgGX1JS0e_qevU6zVVq8U6A.roa
File:                     YzbIcgGX1JS0e_qevU6zVVq8U6A.roa (raw, json)
Hash identifier:          ErguazQ8VVCOuigUpBfI+6zqpTfIttctPUJouSvTk5o=
Subject key identifier:   63:36:C8:72:01:97:D4:94:B4:7B:FA:9E:BD:4E:B3:55:5A:BC:53:A0
Certificate issuer:       /CN=ed30a131718560a34ab3493884e858ec431f6ad1
Certificate serial:       018D02B96725339597A241E76A54241D5EC3
Authority key identifier: ED:30:A1:31:71:85:60:A3:4A:B3:49:38:84:E8:58:EC:43:1F:6A:D1
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/YzbIcgGX1JS0e_qevU6zVVq8U6A.roa
Signing time:             Sat 13 Jan 2024 12:08:41 +0000
ROA not before:           Sat 13 Jan 2024 12:08:41 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     208476
IP address blocks:        194.147.140.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Wed 29 May 2024 16:00:52 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8d:02:b9:67:25:33:95:97:a2:41:e7:6a:54:24:1d:5e:c3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=ed30a131718560a34ab3493884e858ec431f6ad1
        Validity
            Not Before: Jan 13 12:08:41 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=6336c8720197d494b47bfa9ebd4eb3555abc53a0
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:e9:d9:fc:0f:0c:15:6e:2d:ae:7b:d1:86:ab:7c:
                    e8:48:f0:96:d3:f0:0f:65:2c:ef:48:0f:11:9c:2b:
                    8e:a1:64:f8:8f:8a:7a:f7:67:ee:27:a0:ed:bf:b1:
                    b1:16:b7:2f:6d:a3:03:a6:c7:fe:23:95:1c:ad:14:
                    62:04:35:ba:20:20:b5:92:06:df:6e:9d:f5:70:34:
                    d9:8f:d8:b2:36:58:30:de:d4:a7:bc:24:90:79:68:
                    c0:23:1f:71:ad:c4:93:a0:08:ec:ac:45:fa:af:2f:
                    30:fe:1f:24:34:de:1e:9b:0c:db:68:01:3f:5d:d0:
                    38:87:db:6d:48:23:7e:3c:35:c2:7e:0f:ca:a8:ba:
                    00:c1:7d:31:7d:5c:0f:be:48:31:db:f6:a8:4d:28:
                    c6:7f:96:ed:8d:95:ef:e7:b1:87:30:c6:f5:25:3d:
                    df:8c:a4:a3:da:c7:12:ae:0a:94:13:d5:75:43:66:
                    79:a0:96:42:50:14:55:b6:52:a2:cc:e7:a5:d0:86:
                    74:f2:46:a5:36:25:52:bc:63:2a:81:5a:e4:65:aa:
                    31:76:4c:d2:54:9e:f5:a0:70:57:4d:da:3b:e1:3e:
                    3c:df:fc:4b:bc:e8:1b:db:7b:7f:e4:e3:12:85:41:
                    ae:a2:a5:2d:6e:88:8b:46:13:f0:82:85:9b:c9:91:
                    79:ef
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                63:36:C8:72:01:97:D4:94:B4:7B:FA:9E:BD:4E:B3:55:5A:BC:53:A0
            X509v3 Authority Key Identifier:
                keyid:ED:30:A1:31:71:85:60:A3:4A:B3:49:38:84:E8:58:EC:43:1F:6A:D1

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/7TChMXGFYKNKs0k4hOhY7EMfatE.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/YzbIcgGX1JS0e_qevU6zVVq8U6A.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0f/5b0702-16e7-4627-ae19-4b3b1b63b6ab/1/7TChMXGFYKNKs0k4hOhY7EMfatE.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  194.147.140.0/24

    Signature Algorithm: sha256WithRSAEncryption
         31:dd:79:fe:0f:15:81:f1:a9:7b:e9:e2:d5:f3:40:95:f9:ec:
         e2:53:8c:54:eb:c8:01:45:95:20:ac:18:3f:41:b4:af:a8:1b:
         60:57:f7:16:c7:63:eb:1e:7f:b9:8e:c9:5a:3f:c0:fe:4e:05:
         82:e4:cb:c6:f8:b8:99:c0:a2:a3:a8:b0:54:dd:1f:30:20:f5:
         19:28:62:b8:e1:a3:1d:d9:18:37:f3:a7:68:8e:6b:f9:7d:37:
         60:57:8d:2d:0d:e2:78:d7:b4:80:74:87:67:ad:70:f1:38:20:
         4d:b2:69:ee:78:9f:87:17:a3:06:f8:e2:70:b5:e1:05:aa:e5:
         02:ff:bd:31:09:87:36:d1:c9:03:9a:34:42:b8:66:1d:c1:66:
         27:bc:32:f6:6c:c2:15:78:ee:83:35:5b:22:2f:d9:69:0c:93:
         f6:8d:ca:89:8b:48:cf:b7:bc:2e:9b:73:49:ad:8f:d9:aa:25:
         b3:ca:7e:88:09:56:f5:c8:fb:78:02:8d:3c:85:dc:6f:ce:24:
         b9:14:ff:a3:79:34:75:95:be:75:82:84:ce:bc:cf:75:a3:09:
         7e:5a:f1:c0:02:e4:d8:df:93:b7:13:bf:cc:68:71:cd:16:8a:
         2f:27:b3:4b:a3:49:65:61:1f:86:05:17:09:dd:11:76:99:52:
         3b:b9:f9:de
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAY0CuWclM5WXokHnalQkHV7DMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGVkMzBhMTMxNzE4NTYwYTM0YWIzNDkzODg0ZTg1OGVjNDMx
ZjZhZDEwHhcNMjQwMTEzMTIwODQxWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg2MzM2Yzg3MjAxOTdkNDk0YjQ3YmZhOWViZDRlYjM1NTVhYmM1M2EwMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA6dn8DwwVbi2ue9GGq3zoSPCW0/AP
ZSzvSA8RnCuOoWT4j4p692fuJ6Dtv7GxFrcvbaMDpsf+I5UcrRRiBDW6ICC1kgbf
bp31cDTZj9iyNlgw3tSnvCSQeWjAIx9xrcSToAjsrEX6ry8w/h8kNN4emwzbaAE/
XdA4h9ttSCN+PDXCfg/KqLoAwX0xfVwPvkgx2/aoTSjGf5btjZXv57GHMMb1JT3f
jKSj2scSrgqUE9V1Q2Z5oJZCUBRVtlKizOel0IZ08kalNiVSvGMqgVrkZaoxdkzS
VJ71oHBXTdo74T483/xLvOgb23t/5OMShUGuoqUtboiLRhPwgoWbyZF57wIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFGM2yHIBl9SUtHv6nr1Os1VavFOgMB8GA1UdIwQY
MBaAFO0woTFxhWCjSrNJOIToWOxDH2rRMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvN1RDaE1YR0ZZS05LczBrNGhPaFk3RU1mYXRFLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZi81YjA3MDItMTZlNy00NjI3LWFlMTkt
NGIzYjFiNjNiNmFiLzEvWXpiSWNnR1gxSlMwZV9xZXZVNnpWVnE4VTZBLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZi81YjA3MDItMTZlNy00NjI3LWFlMTktNGIzYjFiNjNiNmFi
LzEvN1RDaE1YR0ZZS05LczBrNGhPaFk3RU1mYXRFLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQAwpOMMA0G
CSqGSIb3DQEBCwUAA4IBAQAx3Xn+DxWB8al76eLV80CV+eziU4xU68gBRZUgrBg/
QbSvqBtgV/cWx2PrHn+5jslaP8D+TgWC5MvG+LiZwKKjqLBU3R8wIPUZKGK44aMd
2Rg386dojmv5fTdgV40tDeJ417SAdIdnrXDxOCBNsmnueJ+HF6MG+OJwteEFquUC
/70xCYc20ckDmjRCuGYdwWYnvDL2bMIVeO6DNVsiL9lpDJP2jcqJi0jPt7wum3NJ
rY/ZqiWzyn6ICVb1yPt4Ao08hdxvziS5FP+jeTR1lb51goTOvM91owl+WvHAAuTY
35O3E7/MaHHNFoovJ7NLo0llYR+GBRcJ3RF2mVI7ufne
-----END CERTIFICATE-----